Vulnerabilities > CVE-2006-4226

047910
CVSS 3.6 - LOW
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
NONE
network
high complexity
mysql
oracle
nessus

Summary

MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions. Successful exploitation requires that MySQL runs on a system with a file system supporting case-sensitive file names. This vulnerability is addresses in the following product releases: MySQL, MySQL, 4.1.21 MySQL, MySQL, 5.0.25 MySQL, MySQL, 5.1.12

Vulnerable Configurations

Part Description Count
Application
Mysql
23
Application
Oracle
72

Nessus

  • NASL familyDatabases
    NASL idMYSQL_5_1_12.NASL
    descriptionThe version of MySQL installed on the remote host is earlier than 4.1.21 / 5.0.25 / 5.1.12 and thus reportedly allows a remote user who has access rights on one database to access another database if the names differ only in case.
    last seen2020-06-01
    modified2020-06-02
    plugin id17807
    published2012-01-16
    reporterThis script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/17807
    titleMySQL < 4.1.21 / 5.0.25 / 5.1.12 Access Control
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(17807);
      script_version("1.6");
      script_cvs_date("Date: 2018/07/16 14:09:13");
    
      script_cve_id("CVE-2006-4226");
      script_bugtraq_id(19559);
    
      script_name(english:"MySQL < 4.1.21 / 5.0.25 / 5.1.12 Access Control");
      script_summary(english:"Checks version of MySQL Server");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote database server may allow a remote user access to a
    database for which he does not have permissions.");
      script_set_attribute(attribute:"description", value:
    "The version of MySQL installed on the remote host is earlier than
    4.1.21 / 5.0.25 / 5.1.12 and thus reportedly allows a remote user who
    has access rights on one database to access another database if the
    names differ only in case.");
      script_set_attribute(attribute:"see_also", value:"http://dev.mysql.com/doc/refman/5.0/en/news-5-0-25.html");
      script_set_attribute(attribute:"see_also", value:"http://bugs.mysql.com/bug.php?id=17647");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to MySQL version 4.1.21 / 5.0.25 / 5.1.12  or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value: "2006/08/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/16");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mysql:mysql");
      script_end_attributes();
     
      script_category(ACT_GATHER_INFO);
      script_family(english:"Databases");
    
      script_copyright(english:"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("mysql_version.nasl", "mysql_login.nasl");
      script_require_keys("Settings/ParanoidReport");
      script_require_ports("Services/mysql", 3306);
    
      exit(0);
    }
    
    include("mysql_version.inc");
    
    mysql_check_version(fixed:make_list('4.1.21', '5.0.25', '5.1.12'), severity:SECURITY_NOTE);
    
  • NASL familyDatabases
    NASL idMYSQL_5_1_12_SUID.NASL
    descriptionThe version of MySQL installed on the remote host is earlier than 5.0.25 / 5.1.12 and thus reportedly allows a remote, authenticated user to gain privileges through a stored routine.
    last seen2020-06-01
    modified2020-06-02
    plugin id17808
    published2012-01-16
    reporterThis script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/17808
    titleMySQL < 5.0.25 / 5.1.12 Privilege Escalation
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(17808);
      script_version("1.8");
      script_cvs_date("Date: 2018/07/16 14:09:13");
    
      script_cve_id("CVE-2006-4227");
    
    # This is the same BID as CVE-2006-4226. It is fixed in the same 5.x versions
    # but does not appear in the changelog of any 4.1.x
    # 2015/11/06 BID 19559 was removed since mitre.org mistakenly linked
    # it to CVE-2006-4227
    
      script_name(english:"MySQL < 5.0.25 / 5.1.12 Privilege Escalation");
      script_summary(english:"Checks version of MySQL Server");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote database server may allow a remote user access to objects
    for which he does not have permissions.");
      script_set_attribute(attribute:"description", value:
    "The version of MySQL installed on the remote host is earlier than
    5.0.25 / 5.1.12 and thus reportedly allows a remote, authenticated
    user to gain privileges through a stored routine.");
      script_set_attribute(attribute:"see_also", value:"http://dev.mysql.com/doc/refman/5.0/en/news-5-0-25.html");
      script_set_attribute(attribute:"see_also", value:"http://bugs.mysql.com/bug.php?id=18630");
      # 4.1.x is not fixed and reached its EOL
      script_set_attribute(attribute:"solution", value:"Upgrade to MySQL version 5.0.25 / 5.1.12  or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_cwe_id(20);
    
      script_set_attribute(attribute:"vuln_publication_date", value: "2006/03/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/16");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mysql:mysql");
      script_end_attributes();
     
      script_category(ACT_GATHER_INFO);
      script_family(english:"Databases");
    
      script_copyright(english:"This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("mysql_version.nasl", "mysql_login.nasl");
      script_require_keys("Settings/ParanoidReport");
      script_require_ports("Services/mysql", 3306);
    
      exit(0);
    }
    
    include("mysql_version.inc");
    
    mysql_check_version(fixed:make_list('5.0.25', '5.1.12'), severity:SECURITY_WARNING);
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1169.NASL
    descriptionSeveral local vulnerabilities have been discovered in the MySQL database server. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-4226 Michal Prokopiuk discovered that remote authenticated users are permitted to create and access a database if the lowercase spelling is the same as one they have been granted access to. - CVE-2006-4380 Beat Vontobel discovered that certain queries replicated to a slave could crash the client and thus terminate the replication.
    last seen2020-06-01
    modified2020-06-02
    plugin id22711
    published2006-10-14
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22711
    titleDebian DSA-1169-1 : mysql-dfsg-4.1 - several vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-1169. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(22711);
      script_version("1.19");
      script_cvs_date("Date: 2019/08/02 13:32:19");
    
      script_cve_id("CVE-2006-4226", "CVE-2006-4380");
      script_bugtraq_id(19559);
      script_xref(name:"DSA", value:"1169");
    
      script_name(english:"Debian DSA-1169-1 : mysql-dfsg-4.1 - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several local vulnerabilities have been discovered in the MySQL
    database server. The Common Vulnerabilities and Exposures project
    identifies the following problems :
    
      - CVE-2006-4226
        Michal Prokopiuk discovered that remote authenticated
        users are permitted to create and access a database if
        the lowercase spelling is the same as one they have been
        granted access to.
    
      - CVE-2006-4380
        Beat Vontobel discovered that certain queries replicated
        to a slave could crash the client and thus terminate the
        replication."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-4226"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2006-4380"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2006/dsa-1169"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the mysql-server-4.1 package.
    
    For the stable distribution (sarge) these problems have been fixed in
    version 4.1.11a-4sarge7. Version 4.0 is not affected by these
    problems."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mysql-dfsg-4.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/09/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14");
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/05/08");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"3.1", prefix:"libmysqlclient14", reference:"4.1.11a-4sarge7")) flag++;
    if (deb_check(release:"3.1", prefix:"libmysqlclient14-dev", reference:"4.1.11a-4sarge7")) flag++;
    if (deb_check(release:"3.1", prefix:"mysql-client-4.1", reference:"4.1.11a-4sarge7")) flag++;
    if (deb_check(release:"3.1", prefix:"mysql-common-4.1", reference:"4.1.11a-4sarge7")) flag++;
    if (deb_check(release:"3.1", prefix:"mysql-server-4.1", reference:"4.1.11a-4sarge7")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:deb_report_get());
      else security_note(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2007-0152.NASL
    descriptionUpdated mysql packages that fix a security flaw are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. A flaw was found in the way MySQL handled case sensitive database names. A user with the ability to create databases could gain unauthorized access to other databases hosted by the MySQL server. (CVE-2006-4226) This flaw does not affect the version of MySQL distributed with Red Hat Enterprise Linux 2.1, 3, or 5. All users of the MySQL server are advised to upgrade to these updated packages, which contain a backported patch which fixes this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id25007
    published2007-04-10
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/25007
    titleCentOS 4 : mysql (CESA-2007:0152)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2007:0152 and 
    # CentOS Errata and Security Advisory 2007:0152 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(25007);
      script_version("1.17");
      script_cvs_date("Date: 2019/10/25 13:36:03");
    
      script_cve_id("CVE-2006-4226");
      script_bugtraq_id(19559);
      script_xref(name:"RHSA", value:"2007:0152");
    
      script_name(english:"CentOS 4 : mysql (CESA-2007:0152)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated mysql packages that fix a security flaw are now available for
    Red Hat Enterprise Linux 4.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    MySQL is a multi-user, multi-threaded SQL database server. MySQL is a
    client/server implementation consisting of a server daemon (mysqld)
    and many different client programs and libraries.
    
    A flaw was found in the way MySQL handled case sensitive database
    names. A user with the ability to create databases could gain
    unauthorized access to other databases hosted by the MySQL server.
    (CVE-2006-4226)
    
    This flaw does not affect the version of MySQL distributed with Red
    Hat Enterprise Linux 2.1, 3, or 5.
    
    All users of the MySQL server are advised to upgrade to these updated
    packages, which contain a backported patch which fixes this issue."
      );
      # https://lists.centos.org/pipermail/centos-announce/2007-April/013646.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7b13013b"
      );
      # https://lists.centos.org/pipermail/centos-announce/2007-April/013654.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?dfae0d95"
      );
      # https://lists.centos.org/pipermail/centos-announce/2007-April/013655.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?048dafcd"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected mysql packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mysql-bench");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mysql-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:mysql-server");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/08/18");
      script_set_attribute(attribute:"patch_publication_date", value:"2007/04/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/04/10");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 4.x", "CentOS " + os_ver);
    
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"CentOS-4", reference:"mysql-4.1.20-2.RHEL4.1")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"mysql-bench-4.1.20-2.RHEL4.1")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"mysql-devel-4.1.20-2.RHEL4.1")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"mysql-server-4.1.20-2.RHEL4.1")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_NOTE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mysql / mysql-bench / mysql-devel / mysql-server");
    }
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_4_9.NASL
    descriptionThe remote host is running a version of Mac OS X 10.4 which is older than version 10.4.9 or a version of Mac OS X 10.3 which does not have Security Update 2007-003 applied. This update contains several security fixes for the following programs : - ColorSync - CoreGraphics - Crash Reporter - CUPS - Disk Images - DS Plugins - Flash Player - GNU Tar - HFS - HID Family - ImageIO - Kernel - MySQL server - Networking - OpenSSH - Printing - QuickDraw Manager - servermgrd - SMB File Server - Software Update - sudo - WebLog
    last seen2020-06-01
    modified2020-06-02
    plugin id24811
    published2007-03-13
    reporterThis script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/24811
    titleMac OS X < 10.4.9 Multiple Vulnerabilities (Security Update 2007-003)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    if ( ! defined_func("bn_random") ) exit(0);
    if ( NASL_LEVEL < 3004 ) exit(0);
    
    
    include("compat.inc");
    
    if(description)
    {
     script_id(24811);
     script_version ("1.29");
    
     script_cve_id("CVE-2007-0719", "CVE-2007-0467", "CVE-2007-0720", 
                   "CVE-2007-0721", "CVE-2007-0722", "CVE-2006-6061", 
                   "CVE-2006-6062", "CVE-2006-5679", "CVE-2007-0229", 
                   "CVE-2007-0267", "CVE-2007-0299", "CVE-2007-0723", 
                   "CVE-2006-5330", "CVE-2006-0300", "CVE-2006-6097", 
                   "CVE-2007-0318", "CVE-2007-0724", "CVE-2007-1071", 
                   "CVE-2007-0733", "CVE-2006-5836", "CVE-2006-6129", 
                   "CVE-2006-6173", "CVE-2006-1516", "CVE-2006-1517", 
                   "CVE-2006-2753", "CVE-2006-3081", "CVE-2006-4031", 
                   "CVE-2006-4226", "CVE-2006-3469", "CVE-2006-6130", 
                   "CVE-2007-0236", "CVE-2007-0726", "CVE-2006-0225", 
                   "CVE-2006-4924", "CVE-2006-5051", "CVE-2006-5052", 
                   "CVE-2007-0728", "CVE-2007-0588", "CVE-2007-0730", 
                   "CVE-2007-0731", "CVE-2007-0463", "CVE-2005-2959", 
                   "CVE-2006-4829");
     script_bugtraq_id(20982, 21236, 21291, 21349, 22041, 22948);
    
     script_name(english:"Mac OS X < 10.4.9 Multiple Vulnerabilities (Security Update 2007-003)");
     
     script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a Mac OS X update which fixes a security
    issue." );
     script_set_attribute(attribute:"description", value:
    "The remote host is running a version of Mac OS X 10.4 which is older than
    version 10.4.9 or a version of Mac OS X 10.3 which does not have 
    Security Update 2007-003 applied.
    
    This update contains several security fixes for the following programs :
    
     - ColorSync
     - CoreGraphics
     - Crash Reporter
     - CUPS
     - Disk Images
     - DS Plugins
     - Flash Player
     - GNU Tar
     - HFS
     - HID Family
     - ImageIO
     - Kernel
     - MySQL server
     - Networking
     - OpenSSH
     - Printing
     - QuickDraw Manager
     - servermgrd
     - SMB File Server
     - Software Update
     - sudo 
     - WebLog" );
     script_set_attribute(attribute:"see_also", value:"http://docs.info.apple.com/article.html?artnum=305214" );
     script_set_attribute(attribute:"solution", value:
    "Mac OS X 10.4 : Upgrade to Mac OS X 10.4.9 :
    
    http://www.apple.com/support/downloads/macosxserver1049updateppc.html
    http://www.apple.com/support/downloads/macosx1049updateintel.html
    http://www.apple.com/support/downloads/macosxserver1049updateuniversal.html
    
    Mac OS X 10.3 : Apply Security Update 2007-003 :
    
    http://www.apple.com/support/downloads/securityupdate20070031039client.html
    http://www.apple.com/support/downloads/securityupdate20070031039server.html" );
     script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
     script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
     script_set_attribute(attribute:"exploit_available", value:"true");
     script_cwe_id(79, 119, 362, 399);
    
     script_set_attribute(attribute:"plugin_publication_date", value: "2007/03/13");
     script_set_attribute(attribute:"vuln_publication_date", value: "2005/09/28");
     script_set_attribute(attribute:"patch_publication_date", value: "2007/03/13");
     script_cvs_date("Date: 2018/07/14  1:59:35");
    script_set_attribute(attribute:"plugin_type", value:"combined");
    script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
    script_end_attributes();
    
     script_summary(english:"Check for the version of Mac OS X");
     script_category(ACT_GATHER_INFO);
     script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.");
     script_family(english:"MacOS X Local Security Checks");
     script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl");
     exit(0);
    }
    
    
    os = get_kb_item("Host/MacOSX/Version");
    if ( ! os ) {
    	 os = get_kb_item("Host/OS");
    	 confidence = get_kb_item("Host/OS/Confidence");
    	 if ( confidence <= 90 ) exit(0);
    	}
    if ( ! os ) exit(0);
    if ( ereg(pattern:"Mac OS X 10\.4($|\.[1-8]([^0-9]|$))", string:os)) security_hole(0);
    else if ( ereg(pattern:"Mac OS X 10\.3\.", string:os) )
    {
     packages = get_kb_item("Host/MacOSX/packages");
     if ( ! packages ) exit(0);
     if (!egrep(pattern:"^SecUpd(Srvr)?2007-003", string:packages)) security_hole(0);
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MYSQL-2075.NASL
    descriptionThis update of mysql fixes several security vulnerabilities. (CVE-2006-4031,CVE-2006-4226,CVE-2006-4227)
    last seen2020-06-01
    modified2020-06-02
    plugin id27358
    published2007-10-17
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/27358
    titleopenSUSE 10 Security Update : mysql (mysql-2075)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update mysql-2075.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(27358);
      script_version ("1.14");
      script_cvs_date("Date: 2019/10/25 13:36:28");
    
      script_cve_id("CVE-2006-4031", "CVE-2006-4226", "CVE-2006-4227");
    
      script_name(english:"openSUSE 10 Security Update : mysql (mysql-2075)");
      script_summary(english:"Check for the mysql-2075 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update of mysql fixes several security vulnerabilities.
    (CVE-2006-4031,CVE-2006-4226,CVE-2006-4227)"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected mysql packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
      script_cwe_id(20);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:mysql-Max");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/09/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE10\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE10.1", reference:"mysql-5.0.18-20.8") ) flag++;
    if ( rpm_check(release:"SUSE10.1", reference:"mysql-Max-5.0.18-20.8") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mysql");
    }
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_A0E92718660311DBAB90000E35FD8194.NASL
    descriptionMichal Prokopiuk reports a privilege escalation in MySQL. The vulnerability causes MySQL, when run on case-sensitive filesystems, to allow remote and local authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions.
    last seen2020-06-01
    modified2020-06-02
    plugin id22923
    published2006-10-30
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/22923
    titleFreeBSD : mysql -- database 'case-sensitive' privilege escalation (a0e92718-6603-11db-ab90-000e35fd8194)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(22923);
      script_version("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:38");
    
      script_cve_id("CVE-2006-4226");
      script_bugtraq_id(19559);
    
      script_name(english:"FreeBSD : mysql -- database 'case-sensitive' privilege escalation (a0e92718-6603-11db-ab90-000e35fd8194)");
      script_summary(english:"Checks for updated packages in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote FreeBSD host is missing one or more security-related
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Michal Prokopiuk reports a privilege escalation in MySQL. The
    vulnerability causes MySQL, when run on case-sensitive filesystems, to
    allow remote and local authenticated users to create or access a
    database when the database name differs only in case from a database
    for which they have permissions."
      );
      # http://bugs.mysql.com/bug.php?id=17647
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.mysql.com/bug.php?id=17647"
      );
      # https://vuxml.freebsd.org/freebsd/a0e92718-6603-11db-ab90-000e35fd8194.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?0fa0760d"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mysql-server");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2006/08/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2006/10/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/30");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"mysql-server>=5.1<5.1.12")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"mysql-server>=5.0<5.0.25")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"mysql-server<4.1.21")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:pkg_report_get());
      else security_note(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2007-0152.NASL
    descriptionFrom Red Hat Security Advisory 2007:0152 : Updated mysql packages that fix a security flaw are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. A flaw was found in the way MySQL handled case sensitive database names. A user with the ability to create databases could gain unauthorized access to other databases hosted by the MySQL server. (CVE-2006-4226) This flaw does not affect the version of MySQL distributed with Red Hat Enterprise Linux 2.1, 3, or 5. All users of the MySQL server are advised to upgrade to these updated packages, which contain a backported patch which fixes this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id67470
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67470
    titleOracle Linux 4 : mysql (ELSA-2007-0152)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_MYSQL-2073.NASL
    descriptionThis update of mysql fixes several security vulnerabilities. (CVE-2006-4031 / CVE-2006-4226 / CVE-2006-4227)
    last seen2020-06-01
    modified2020-06-02
    plugin id29524
    published2007-12-13
    reporterThis script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/29524
    titleSuSE 10 Security Update : mysql (ZYPP Patch Number 2073)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2006-149.NASL
    descriptionMySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user
    last seen2020-06-01
    modified2020-06-02
    plugin id23896
    published2006-12-16
    reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/23896
    titleMandrake Linux Security Advisory : MySQL (MDKSA-2006:149)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2007-0152.NASL
    descriptionUpdated mysql packages that fix a security flaw are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. A flaw was found in the way MySQL handled case sensitive database names. A user with the ability to create databases could gain unauthorized access to other databases hosted by the MySQL server. (CVE-2006-4226) This flaw does not affect the version of MySQL distributed with Red Hat Enterprise Linux 2.1, 3, or 5. All users of the MySQL server are advised to upgrade to these updated packages, which contain a backported patch which fixes this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id24951
    published2007-04-05
    reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/24951
    titleRHEL 4 : mysql (RHSA-2007:0152)

Oval

accepted2013-04-29T04:08:10.329-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 4
    ovaloval:org.mitre.oval:def:11831
  • commentCentOS Linux 4.x
    ovaloval:org.mitre.oval:def:16636
  • commentOracle Linux 4.x
    ovaloval:org.mitre.oval:def:15990
descriptionMySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions.
familyunix
idoval:org.mitre.oval:def:10729
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleMySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions.
version26

Redhat

advisories
  • bugzilla
    id203426
    titleCVE-2006-4226 mysql-server create database privilege escalation
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 4 is installed
        ovaloval:com.redhat.rhba:tst:20070304025
      • OR
        • AND
          • commentmysql-server is earlier than 0:4.1.20-2.RHEL4.1
            ovaloval:com.redhat.rhsa:tst:20070152001
          • commentmysql-server is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060544002
        • AND
          • commentmysql-devel is earlier than 0:4.1.20-2.RHEL4.1
            ovaloval:com.redhat.rhsa:tst:20070152003
          • commentmysql-devel is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060544006
        • AND
          • commentmysql is earlier than 0:4.1.20-2.RHEL4.1
            ovaloval:com.redhat.rhsa:tst:20070152005
          • commentmysql is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060544004
        • AND
          • commentmysql-bench is earlier than 0:4.1.20-2.RHEL4.1
            ovaloval:com.redhat.rhsa:tst:20070152007
          • commentmysql-bench is signed with Red Hat master key
            ovaloval:com.redhat.rhsa:tst:20060544008
    rhsa
    idRHSA-2007:0152
    released2007-04-03
    severityModerate
    titleRHSA-2007:0152: mysql security update (Moderate)
  • rhsa
    idRHSA-2007:0083
rpms
  • mysql-0:5.0.30-1.el4s1.1
  • mysql-bench-0:5.0.30-1.el4s1.1
  • mysql-debuginfo-0:5.0.30-1.el4s1.1
  • mysql-devel-0:5.0.30-1.el4s1.1
  • mysql-server-0:5.0.30-1.el4s1.1
  • mysql-test-0:5.0.30-1.el4s1.1
  • mysql-0:4.1.20-2.RHEL4.1
  • mysql-bench-0:4.1.20-2.RHEL4.1
  • mysql-debuginfo-0:4.1.20-2.RHEL4.1
  • mysql-devel-0:4.1.20-2.RHEL4.1
  • mysql-server-0:4.1.20-2.RHEL4.1

Statements

contributorMark J Cox
lastmodified2006-09-19
organizationRed Hat
statementRed Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=203426 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ This issue does not affect Red Hat Enterprise Linux 2.1 or 3